Attached debdiff for review and inclusion into Oneiric. ** Description changed:
+ SRU: + + [Impact] + Anyone attempting to use isc-dhcp will fail to start if apparmor is enabled. + + [Development Fix] + Addition to AppArmor rules for dhcp: + - allow writes to the compiled in default pid file + - allow reads to /var/lib/wicd/* + + [Stable Fix] + Precise revision: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/isc-dhcp/precise/revision/45 + Also attached debdiff for review and inclusion into Oneiric. + + [Test Case] + Install isc-dhcp on Oneiric and attempt to run service through normal initialization routines. + + [Regression Potential] + Regression is minimal since this only increases the scope of what is writeable and readable by dhcp service. + + Bug Description: When starting isc-dhcp-server, the following appears in syslog: Apr 5 01:20:06 nibbler dhcpd: Can't create PID file /var/run/dhcpd.pid: Permission denied. Apr 5 01:20:06 nibbler kernel: [293336.249992] type=1400 audit(1333614006.094:47): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/dhcpd" name="/run/dhcpd.pid" pid=12427 comm="dhcpd" requested_mask="c" denied_mask="c" fsuid=107 ouid=107 Even when adding to dhcpd.conf: pid-file-name "/var/run/dhcp-server/dhcpd.pid"; it produces: Apr 5 01:33:39 nibbler kernel: [294149.878702] type=1400 audit(1333614819.902:48): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" pid=13392 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=107 ouid=107 due to not having read access in the AppArmor profile: - /{,var/}run/dhcp-server/dhcpd{,6}.pid w, + /{,var/}run/dhcp-server/dhcpd{,6}.pid w, If this is truly where the pid should be, the compiled-in default should be changed, as well as the AppArmor profile tweaked for read access. ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: isc-dhcp-server 4.1.ESV-R4-0ubuntu3 ProcVersionSignature: Ubuntu 3.2.0-21.34-generic 3.2.13 Uname: Linux 3.2.0-21-generic x86_64 ApportVersion: 2.0-0ubuntu4 Architecture: amd64 Date: Thu Apr 5 01:22:25 2012 InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120229) ProcEnviron: - TERM=screen - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=screen + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: isc-dhcp UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.dhcp.dhcpd.conf: [modified] mtime.conffile..etc.dhcp.dhcpd.conf: 2012-04-05T01:19:58.906748 ** Patch added: "isc-dhcp_4.1.1-P1-17ubuntu10.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/974054/+attachment/3148145/+files/isc-dhcp_4.1.1-P1-17ubuntu10.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/974054 Title: dhcpd attempts to use /var/run/dhcpd.pid, AppArmor errors To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/974054/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
